You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2020/10/26 12:26:21 UTC
[apisix] branch master updated: change(jwt-auth): split schema to
adapt different occasions (#2459)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 9500a82 change(jwt-auth): split schema to adapt different occasions (#2459)
9500a82 is described below
commit 9500a8219aab57ca80da5e717470f2062403eadd
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Mon Oct 26 20:26:11 2020 +0800
change(jwt-auth): split schema to adapt different occasions (#2459)
Close #2288.
---
apisix/plugins/jwt-auth.lua | 32 +++++++++++++++-----
t/plugin/jwt-auth.t | 73 ++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 93 insertions(+), 12 deletions(-)
diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index 054d393..a594e6f 100644
--- a/apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -31,6 +31,13 @@ local plugin_name = "jwt-auth"
local schema = {
type = "object",
+ additionalProperties = false,
+ properties = {},
+}
+
+local consumer_schema = {
+ type = "object",
+ additionalProperties = false,
properties = {
key = {type = "string"},
secret = {type = "string"},
@@ -44,7 +51,8 @@ local schema = {
type = "boolean",
default = false
}
- }
+ },
+ required = {"key"},
}
@@ -75,20 +83,28 @@ do
end -- do
-function _M.check_schema(conf)
+function _M.check_schema(conf, schema_type)
core.log.info("input conf: ", core.json.delay_encode(conf))
- local ok, err = core.schema.check(schema, conf)
+ local ok, err
+ if schema_type == core.schema.TYPE_CONSUMER then
+ ok, err = core.schema.check(consumer_schema, conf)
+ else
+ ok, err = core.schema.check(schema, conf)
+ end
+
if not ok then
return false, err
end
- if not conf.secret then
- conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
- end
+ if schema_type == core.schema.TYPE_CONSUMER then
+ if not conf.secret then
+ conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
+ end
- if not conf.exp then
- conf.exp = 60 * 60 * 24
+ if not conf.exp then
+ conf.exp = 60 * 60 * 24
+ end
end
return true
diff --git a/t/plugin/jwt-auth.t b/t/plugin/jwt-auth.t
index c940135..0a041b0 100644
--- a/t/plugin/jwt-auth.t
+++ b/t/plugin/jwt-auth.t
@@ -29,9 +29,10 @@ __DATA__
location /t {
content_by_lua_block {
local plugin = require("apisix.plugins.jwt-auth")
- local conf = {}
+ local core = require("apisix.core")
+ local conf = {key = "123"}
- local ok, err = plugin.check_schema(conf)
+ local ok, err = plugin.check_schema(conf, core.schema.TYPE_CONSUMER)
if not ok then
ngx.say(err)
end
@@ -42,7 +43,7 @@ __DATA__
--- request
GET /t
--- response_body_like eval
-qr/{"algorithm":"HS256","secret":"[a-zA-Z0-9+\\\/]+={0,2}","exp":86400}/
+qr/{"algorithm":"HS256","secret":"[a-zA-Z0-9+\\\/]+={0,2}","key":"123","exp":86400}/
--- no_error_log
[error]
@@ -52,8 +53,9 @@ qr/{"algorithm":"HS256","secret":"[a-zA-Z0-9+\\\/]+={0,2}","exp":86400}/
--- config
location /t {
content_by_lua_block {
+ local core = require("apisix.core")
local plugin = require("apisix.plugins.jwt-auth")
- local ok, err = plugin.check_schema({key = 123})
+ local ok, err = plugin.check_schema({key = 123}, core.schema.TYPE_CONSUMER)
if not ok then
ngx.say(err)
end
@@ -454,3 +456,66 @@ Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtle
hello world
--- no_error_log
[error]
+
+
+
+=== TEST 23: without key
+--- config
+ location /t {
+ content_by_lua_block {
+ local core = require("apisix.core")
+ local plugin = require("apisix.plugins.jwt-auth")
+ local ok, err = plugin.check_schema({}, core.schema.TYPE_CONSUMER)
+ if not ok then
+ ngx.say(err)
+ return
+ end
+
+ ngx.say("done")
+ }
+ }
+--- request
+GET /t
+--- response_body
+property "key" is required
+--- no_error_log
+[error]
+
+
+
+=== TEST 24: enable jwt auth plugin with extra field
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "jwt-auth": {
+ "key": "123"
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- error_code: 400
+--- response_body_like
+\{"error_msg":"failed to check the configuration of plugin jwt-auth err: additional properties forbidden, found key"\}
+--- no_error_log
+[error]